Mozilla Foundation Security Advisory 2012-59

Location object can be shadowed using Object.defineProperty

Announced

August 28, 2012

Reporter

Mariusz Mlynski

Impact

High

Products

Firefox, Firefox ESR, SeaMonkey, Thunderbird, Thunderbird ESR

Fixed in

Firefox 15
Firefox ESR 10.0.8
SeaMonkey 2.12
Thunderbird 15
Thunderbird ESR 10.0.8

Description

Security researcher Mariusz Mlynski reported that it is possible to shadow the location object using Object.defineProperty. This could be used to confuse the current location to plugins, allowing for possible cross-site scripting (XSS) attacks.

Update October 9, 2012: This advisory was updated to reflect the fact that bug 756719 was also fixed in ESR 10.0.8.

References

Object.defineProperty can shadow window.location
CVE-2012-1956

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2012-59

Location object can be shadowed using Object.defineProperty

Description

References